Version Description
Download this release
Release Info
| Developer | blobaugh |
| Plugin |  Theme Authenticity Checker (TAC) |
| Version | 1.5 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.1 to 1.5
- readme.txt +25 -16
- screenshot-1.jpg +0 -0
- tac.php +10 -6
readme.txt
CHANGED
|
@@ -1,30 +1,30 @@
|
|
| 1 |
-
===
|
| 2 |
-
Contributors: builtBackwards
|
| 3 |
Donate link: http://builtbackwards.com/donate
|
| 4 |
-
Tags: themes, security, javascript, admin
|
| 5 |
-
Requires at least:
|
| 6 |
-
Tested up to: 3.
|
| 7 |
-
Stable tag: 1.
|
| 8 |
|
| 9 |
*Scan all of your theme files for potentially malicious or unwanted code.*
|
| 10 |
|
| 11 |
== Description ==
|
| 12 |
Scan all of your theme files for potentially malicious or unwanted code.
|
| 13 |
|
| 14 |
-
**Updated for
|
| 15 |
|
| 16 |
**What TAC Does**
|
| 17 |
|
| 18 |
-
TAC stands for Theme Authenticity Checker.
|
| 19 |
|
| 20 |
-
Then what do you do? Just because the code is there doesn't mean it's not supposed to be or even qualifies as a threat, but most theme authors don't include code outside of the
|
| 21 |
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to safely enjoy your theme.
|
| 22 |
|
| 23 |
**History**
|
| 24 |
|
| 25 |
-
TAC got its start when we repeatedly found obfuscated malicious code in free
|
| 26 |
|
| 27 |
-
After Googling and exploring on our own we came upon the [article by Derek](http://5thirtyone.com/archives/870 "article by Derek") from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free
|
| 28 |
|
| 29 |
|
| 30 |
== Installation ==
|
|
@@ -33,12 +33,21 @@ After downloading and extracting the latest version of TAC:
|
|
| 33 |
|
| 34 |
1. Upload `tac.php` to the `/wp-content/plugins/` directory
|
| 35 |
2. Activate the plugin through the 'Plugins' menu in WordPress
|
| 36 |
-
3. Go to
|
| 37 |
4. The results of the scan will be displayed for each theme with the filename and line number of any threats.
|
| 38 |
5. You can click on the path to the theme file to edit in the WordPress Theme Editor
|
| 39 |
|
| 40 |
== Changelog ==
|
| 41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 42 |
**Version 1.4.1**
|
| 43 |
|
| 44 |
* Compatible with WordPress 2.9
|
|
@@ -52,7 +61,7 @@ After downloading and extracting the latest version of TAC:
|
|
| 52 |
|
| 53 |
**Version 1.3 (Fixes + New Feature)**
|
| 54 |
|
| 55 |
-
* Changed title to
|
| 56 |
* Compatible with WordPress 2.2 - 2.6.1
|
| 57 |
* NEW! Checks for embedded Static Links
|
| 58 |
* NEW! Direct links for editing suspicious files in the WordPress Theme Editor
|
|
@@ -61,12 +70,12 @@ After downloading and extracting the latest version of TAC:
|
|
| 61 |
|
| 62 |
**Version 1.2 (Fixes)**
|
| 63 |
|
| 64 |
-
* Band-aid fixes to theme file paths that were altered by the update to get_themes() in
|
| 65 |
-
* This release is only compatible with
|
| 66 |
|
| 67 |
**Version 1.1 (Fixes)**
|
| 68 |
|
| 69 |
-
* Style sheet doesn
|
| 70 |
* Modified code snippet output to prevent interfering with page structure
|
| 71 |
* Improved styling for slightly more appealing output
|
| 72 |
|
| 1 |
+
=== Theme Authenticity Checker (TAC) ===
|
| 2 |
+
Contributors: builtBackwards, blobaugh
|
| 3 |
Donate link: http://builtbackwards.com/donate
|
| 4 |
+
Tags: themes, security, javascript, admin, theme authentication, verification
|
| 5 |
+
Requires at least: 3.0
|
| 6 |
+
Tested up to: 3.4
|
| 7 |
+
Stable tag: 1.5
|
| 8 |
|
| 9 |
*Scan all of your theme files for potentially malicious or unwanted code.*
|
| 10 |
|
| 11 |
== Description ==
|
| 12 |
Scan all of your theme files for potentially malicious or unwanted code.
|
| 13 |
|
| 14 |
+
**Updated for WordPress 3.4**
|
| 15 |
|
| 16 |
**What TAC Does**
|
| 17 |
|
| 18 |
+
TAC stands for Theme Authenticity Checker. TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of **v1.3** *TAC* also searches for and displays static links.
|
| 19 |
|
| 20 |
+
Then what do you do? Just because the code is there doesn't mean it's not supposed to be or even qualifies as a threat, but most theme authors don't include code outside of the WordPress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
|
| 21 |
The real value of this plugin is that you can quickly determine where code cleanup is needed in order to safely enjoy your theme.
|
| 22 |
|
| 23 |
**History**
|
| 24 |
|
| 25 |
+
TAC got its start when we repeatedly found obfuscated malicious code in free WordPress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
|
| 26 |
|
| 27 |
+
After Googling and exploring on our own we came upon the [article by Derek](http://5thirtyone.com/archives/870 "article by Derek") from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free WordPress themes with encoded script slipped in - some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
|
| 28 |
|
| 29 |
|
| 30 |
== Installation ==
|
| 33 |
|
| 34 |
1. Upload `tac.php` to the `/wp-content/plugins/` directory
|
| 35 |
2. Activate the plugin through the 'Plugins' menu in WordPress
|
| 36 |
+
3. Go to Appearance -> TAC in the WordPress Admin
|
| 37 |
4. The results of the scan will be displayed for each theme with the filename and line number of any threats.
|
| 38 |
5. You can click on the path to the theme file to edit in the WordPress Theme Editor
|
| 39 |
|
| 40 |
== Changelog ==
|
| 41 |
|
| 42 |
+
**Version 1.5**
|
| 43 |
+
|
| 44 |
+
* Compatible with 3.4
|
| 45 |
+
* Updated deprecated function calls to current
|
| 46 |
+
* Updated visible display names for sanity
|
| 47 |
+
* Capitalized all 'P's in WordPress :)
|
| 48 |
+
* Fixed PHP warning messages from uninitiated variables
|
| 49 |
+
|
| 50 |
+
|
| 51 |
**Version 1.4.1**
|
| 52 |
|
| 53 |
* Compatible with WordPress 2.9
|
| 61 |
|
| 62 |
**Version 1.3 (Fixes + New Feature)**
|
| 63 |
|
| 64 |
+
* Changed title to "Theme Authenticity Checker", same acronym, makes more sense
|
| 65 |
* Compatible with WordPress 2.2 - 2.6.1
|
| 66 |
* NEW! Checks for embedded Static Links
|
| 67 |
* NEW! Direct links for editing suspicious files in the WordPress Theme Editor
|
| 70 |
|
| 71 |
**Version 1.2 (Fixes)**
|
| 72 |
|
| 73 |
+
* Band-aid fixes to theme file paths that were altered by the update to get_themes() in WordPress 2.6
|
| 74 |
+
* This release is only compatible with WordPress 2.6
|
| 75 |
|
| 76 |
**Version 1.1 (Fixes)**
|
| 77 |
|
| 78 |
+
* Style sheet doesn't explode any more when certain threats are detected
|
| 79 |
* Modified code snippet output to prevent interfering with page structure
|
| 80 |
* Improved styling for slightly more appealing output
|
| 81 |
|
screenshot-1.jpg
CHANGED
|
File without changes
|
tac.php
CHANGED
|
@@ -1,10 +1,10 @@
|
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
-
Plugin Name:
|
| 4 |
Plugin URI: http://builtbackwards.com/projects/tac/
|
| 5 |
-
Description:
|
| 6 |
Author: builtBackwards
|
| 7 |
-
Version: 1.
|
| 8 |
Author URI: http://builtbackwards.com/
|
| 9 |
*/
|
| 10 |
|
|
@@ -27,6 +27,10 @@ Author URI: http://builtbackwards.com/
|
|
| 27 |
|
| 28 |
function tac_check_theme($template_files, $theme_title) {
|
| 29 |
$static_count = 0;
|
|
|
|
|
|
|
|
|
|
|
|
|
| 30 |
foreach ($template_files as $tfile)
|
| 31 |
{
|
| 32 |
/*
|
|
@@ -124,7 +128,7 @@ function tac_get_template_files($template) {
|
|
| 124 |
|
| 125 |
function tac_init() {
|
| 126 |
if ( function_exists('add_submenu_page') )
|
| 127 |
-
$page = add_submenu_page('themes.php',__('TAC'), __('TAC'), '
|
| 128 |
}
|
| 129 |
|
| 130 |
add_action('admin_menu', 'tac_init');
|
|
@@ -142,10 +146,10 @@ function tac() {
|
|
| 142 |
}
|
| 143 |
</script>
|
| 144 |
<h2>
|
| 145 |
-
<?php _e('
|
| 146 |
</h2>
|
| 147 |
<div class="pinfo">
|
| 148 |
-
|
| 149 |
For more info please go to the plugin page: <a href="http://builtbackwards.com/projects/tac/">http://builtbackwards.com/projects/tac/</a><br/><br/>
|
| 150 |
To submit bugs, suggestions, or comments please post in the <a href="http://wordpress.org/tags/tac">WordPress.org Forum</a>.
|
| 151 |
</div>
|
| 1 |
<?php
|
| 2 |
/*
|
| 3 |
+
Plugin Name: Theme Authenticity Checker (TAC)
|
| 4 |
Plugin URI: http://builtbackwards.com/projects/tac/
|
| 5 |
+
Description: Theme Authenticity Checker scans all of your theme files for potentially malicious or unwanted code.
|
| 6 |
Author: builtBackwards
|
| 7 |
+
Version: 1.5
|
| 8 |
Author URI: http://builtbackwards.com/
|
| 9 |
*/
|
| 10 |
|
| 27 |
|
| 28 |
function tac_check_theme($template_files, $theme_title) {
|
| 29 |
$static_count = 0;
|
| 30 |
+
$bad_lines = null;
|
| 31 |
+
$static_urls = null;
|
| 32 |
+
$static_count = 0;
|
| 33 |
+
|
| 34 |
foreach ($template_files as $tfile)
|
| 35 |
{
|
| 36 |
/*
|
| 128 |
|
| 129 |
function tac_init() {
|
| 130 |
if ( function_exists('add_submenu_page') )
|
| 131 |
+
$page = add_submenu_page('themes.php',__('Theme Authenticity Checker (TAC)'), __('TAC'), 'update_plugins', 'tac.php', 'tac');
|
| 132 |
}
|
| 133 |
|
| 134 |
add_action('admin_menu', 'tac_init');
|
| 146 |
}
|
| 147 |
</script>
|
| 148 |
<h2>
|
| 149 |
+
<?php _e('Theme Authenticity Checker (TAC)'); ?>
|
| 150 |
</h2>
|
| 151 |
<div class="pinfo">
|
| 152 |
+
Theme Authenticity Checker checks themes for malicious or potentially unwanted code.<br/>
|
| 153 |
For more info please go to the plugin page: <a href="http://builtbackwards.com/projects/tac/">http://builtbackwards.com/projects/tac/</a><br/><br/>
|
| 154 |
To submit bugs, suggestions, or comments please post in the <a href="http://wordpress.org/tags/tac">WordPress.org Forum</a>.
|
| 155 |
</div>
|
